rpm package
suse/ghostscript&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP2
pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2
Vulnerabilities (50)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-15900 | Cri | 9.8 | < 9.52-23.39.1 | 9.52-23.39.1 | Jul 28, 2020 | A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of file access controls. The 'rsearch' calculation for the 'post' size resulted in a size that was too large, and could underflow to max uint32 | |
| CVE-2020-12268 | Cri | 9.8 | < 9.52-23.34.1 | 9.52-23.34.1 | Apr 27, 2020 | jbig2_image_compose in jbig2_image.c in Artifex jbig2dec before 0.18 has a heap-based buffer overflow. | |
| CVE-2019-14812 | Hig | 7.8 | < 9.27-23.28.1 | 9.27-23.28.1 | Nov 27, 2019 | A flaw was found in all ghostscript versions 9.x before 9.50, in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then | |
| CVE-2019-14869 | Hig | 8.8 | < 9.27-23.31.1 | 9.27-23.31.1 | Nov 15, 2019 | A flaw was found in all versions of ghostscript 9.x before 9.50, where the `.charkeys` procedure, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript | |
| CVE-2019-14813 | Cri | 9.8 | < 9.27-23.28.1 | 9.27-23.28.1 | Sep 6, 2019 | A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then hav | |
| CVE-2019-14817 | Hig | 7.8 | < 9.27-23.28.1 | 9.27-23.28.1 | Sep 3, 2019 | A flaw was found in, ghostscript versions prior to 9.50, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and t | |
| CVE-2019-14811 | Hig | 7.8 | < 9.27-23.28.1 | 9.27-23.28.1 | Sep 3, 2019 | A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then | |
| CVE-2019-12973 | Med | 5.5 | < 9.27-23.28.1 | 9.27-23.28.1 | Jun 26, 2019 | In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. This issue is similar to CVE-2018-6616. | |
| CVE-2019-3839 | Hig | 7.8 | < 9.27-23.28.1 | 9.27-23.28.1 | May 16, 2019 | It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -d | |
| CVE-2019-3838 | Med | 5.5 | < 9.26a-23.22.1 | 9.26a-23.22.1 | Mar 25, 2019 | It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. | |
| CVE-2019-3835 | Med | 5.5 | < 9.27-23.28.1 | 9.27-23.28.1 | Mar 25, 2019 | It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. | |
| CVE-2019-6116 | Hig | 7.8 | < 9.26a-23.19.1 | 9.26a-23.19.1 | Mar 21, 2019 | In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution. | |
| CVE-2018-19477 | Hig | 7.8 | < 9.26-23.16.1 | 9.26-23.16.1 | Nov 23, 2018 | psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion. | |
| CVE-2018-19476 | Hig | 7.8 | < 9.26-23.16.1 | 9.26-23.16.1 | Nov 23, 2018 | psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion. | |
| CVE-2018-19475 | Hig | 7.8 | < 9.26-23.16.1 | 9.26-23.16.1 | Nov 23, 2018 | psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same. | |
| CVE-2018-19409 | Cri | 9.8 | < 9.26-23.16.1 | 9.26-23.16.1 | Nov 21, 2018 | An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used. | |
| CVE-2018-18284 | Hig | 8.6 | < 9.26-23.16.1 | 9.26-23.16.1 | Oct 19, 2018 | Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator. | |
| CVE-2018-18073 | Med | 6.3 | < 9.26-23.16.1 | 9.26-23.16.1 | Oct 15, 2018 | Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object. | |
| CVE-2018-17961 | Hig | 8.6 | < 9.26-23.16.1 | 9.26-23.16.1 | Oct 15, 2018 | Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183. | |
| CVE-2018-17183 | Hig | 7.8 | < 9.25-23.13.1 | 9.25-23.13.1 | Sep 19, 2018 | Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code. |
- affected < 9.52-23.39.1fixed 9.52-23.39.1
A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of file access controls. The 'rsearch' calculation for the 'post' size resulted in a size that was too large, and could underflow to max uint32
- affected < 9.52-23.34.1fixed 9.52-23.34.1
jbig2_image_compose in jbig2_image.c in Artifex jbig2dec before 0.18 has a heap-based buffer overflow.
- affected < 9.27-23.28.1fixed 9.27-23.28.1
A flaw was found in all ghostscript versions 9.x before 9.50, in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then
- affected < 9.27-23.31.1fixed 9.27-23.31.1
A flaw was found in all versions of ghostscript 9.x before 9.50, where the `.charkeys` procedure, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript
- affected < 9.27-23.28.1fixed 9.27-23.28.1
A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then hav
- affected < 9.27-23.28.1fixed 9.27-23.28.1
A flaw was found in, ghostscript versions prior to 9.50, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and t
- affected < 9.27-23.28.1fixed 9.27-23.28.1
A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then
- affected < 9.27-23.28.1fixed 9.27-23.28.1
In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. This issue is similar to CVE-2018-6616.
- affected < 9.27-23.28.1fixed 9.27-23.28.1
It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -d
- affected < 9.26a-23.22.1fixed 9.26a-23.22.1
It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER.
- affected < 9.27-23.28.1fixed 9.27-23.28.1
It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER.
- affected < 9.26a-23.19.1fixed 9.26a-23.19.1
In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution.
- affected < 9.26-23.16.1fixed 9.26-23.16.1
psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion.
- affected < 9.26-23.16.1fixed 9.26-23.16.1
psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion.
- affected < 9.26-23.16.1fixed 9.26-23.16.1
psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same.
- affected < 9.26-23.16.1fixed 9.26-23.16.1
An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used.
- affected < 9.26-23.16.1fixed 9.26-23.16.1
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator.
- affected < 9.26-23.16.1fixed 9.26-23.16.1
Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object.
- affected < 9.26-23.16.1fixed 9.26-23.16.1
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183.
- affected < 9.25-23.13.1fixed 9.25-23.13.1
Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code.
Page 1 of 3